Mozilla Patches Three Critical Holes in Firefox

Recently released, Firefox 3.0 already has a successor in Firefox 3.0.1. Mozilla issued the new version to fix three critical security problems, all of which might allow execution of arbitrary code. Two of the problems also affect Firefox 2.x.

According to technical details released by the company, one problem pertains to malformed GIF image files that could crash Firefox on Mac OS X and might allow intruders to launch arbitrary code. The problem doesn't affect Firefox 2.x.

A second vulnerability involves combining two flaws to facilitate a direct attack that could lead to direct file access on a user's computer when such an attack is launched against Firefox 2.x. In Firefox 3.0 such an attack isn't possible; however, the vulnerability could still allow an intruder to launch arbitrary code.

The third vulnerability involves a reference pointer to Cascading Style Sheet (CSS) objects. Mozilla said that in their code the pointer is defined using a variable size that is too small, which leaves room for an overflow attack, which typically might allow the execution of arbitrary code.